69 lines
1.7 KiB
YAML
69 lines
1.7 KiB
YAML
# Dynamic Middleware Configuration
|
|
|
|
http:
|
|
middlewares:
|
|
# Security headers for all services
|
|
security-headers-global:
|
|
headers:
|
|
frameDeny: true
|
|
contentTypeNosniff: true
|
|
browserXssFilter: true
|
|
stsSeconds: 31536000
|
|
stsIncludeSubdomains: true
|
|
stsPreload: true
|
|
forceSTSHeader: true
|
|
customFrameOptionsValue: "SAMEORIGIN"
|
|
contentSecurityPolicy: "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline';"
|
|
referrerPolicy: "strict-origin-when-cross-origin"
|
|
permissionsPolicy: "geolocation=(), microphone=(), camera=()"
|
|
|
|
# Compression for better performance
|
|
gzip-compression:
|
|
compress:
|
|
excludedContentTypes:
|
|
- text/event-stream
|
|
|
|
# Rate limiting - strict
|
|
rate-limit-strict:
|
|
rateLimit:
|
|
average: 50
|
|
burst: 25
|
|
period: 1s
|
|
|
|
# Rate limiting - moderate
|
|
rate-limit-moderate:
|
|
rateLimit:
|
|
average: 100
|
|
burst: 50
|
|
period: 1s
|
|
|
|
# Rate limiting - lenient
|
|
rate-limit-lenient:
|
|
rateLimit:
|
|
average: 200
|
|
burst: 100
|
|
period: 1s
|
|
|
|
# IP whitelist for admin services (example)
|
|
# Uncomment and adjust for production
|
|
# admin-whitelist:
|
|
# ipWhiteList:
|
|
# sourceRange:
|
|
# - "127.0.0.1/32"
|
|
# - "10.0.0.0/8"
|
|
|
|
# Chain multiple middlewares
|
|
default-chain:
|
|
chain:
|
|
middlewares:
|
|
- security-headers-global
|
|
- gzip-compression
|
|
|
|
admin-chain:
|
|
chain:
|
|
middlewares:
|
|
- security-headers-global
|
|
- gzip-compression
|
|
- rate-limit-strict
|
|
# - admin-whitelist # Uncomment for IP whitelisting
|